Information processing apparatus and information processing method

ABSTRACT

An activity-area/time-frame weighting table indicates the likelihood of where a user is most likely to be in a certain time frame, and weighting (the number of points) is set depending on times frames, which are divided into weekdays and weekends. The activity pattern may be obtained through the user&#39;s application at the time of registration, or may be obtained by detecting the locations of the user for a predetermined period, such as for one week, using a GPS or PHS. For example, when a user is mostly likely to be on the route to the company from home in the time frame of commuting hours on a weekday, the weighting is set low. Based on an area and time frame in which a corresponding credit card or the like is used, the number of points is determined, and is then used to set an authentication level.

BACKGROUND OF THE INVENTION

[0001] 1. Field of the Invention

[0002] The present invention relates to information processing apparatuses and information processing methods, and more specifically to an information processing apparatus, which is preferably used for performing an authentication process using a plurality of authentication process methods, and an information processing method.

[0003] 2. Description of the Related Art

[0004] Conventionally, as a method for user authentication, for example, when a cash card or credit card is used, a signature, password, or the like has often been required.

[0005] The signature, however, can be easily counterfeited, and the password can also be easily entered even by another person once the password is compromised, which thereby permits another person who impersonates the authentic user to use the cash card or credit card.

[0006] To prevent such impersonation, for example, a technique for performing an authentication process utilizing biometric information such as a fingerprint has been making progress. The biometric information is certainly more secured, i.e., more difficult to counterfeit, than a signature or password.

[0007] Even by an authentication process using biometric information, some incidents have been reported that image data was collected from a fingerprint left on glass or the like and a counterfeit finger was created and was authenticated by a commercially-available fingerprint verification device. In this manner, authentication using a single piece of information cannot be said to completely prevent impersonation.

[0008] Thus, a plurality of pieces of authentication information is further used to perform user authentication in some cases. However, such a need for an authentication process with a plurality of pieces of information causes considerable inconvenience to both a user and a store that executes an authentication process, especially when the user is making a very inexpensive purchase or when the user is shopping at a store to which he or she frequently goes. Thus, such an authentication could impair the convenience of the use of a cash card or credit card. In particular, an authentication process using biometric information often involves a complicated process such as image processing, so that an authentication process executed with a plurality of pieces of information requires a tremendous amount of processing time.

SUMMARY OF THE INVENTION

[0009] The present invention has been made in view of the foregoing situations, and an object of the present invention is to allow for an authentication process that is secured enough to prevent impersonation while minimizing an unnecessary authentication process by determining a user's authentication level prior to the authentication process.

[0010] A first information processing apparatus according to the present invention includes first recording means for recording information concerning an activity pattern of a registered user, first obtaining means for obtaining information concerning a location at which a shopping user undergoes an authentication process, second obtaining means for obtaining the current time, and authentication-level determining means. The authentication-level determining means determines an authentication level for the authentication process to be executed for the shopping user, based on the information concerning the registered user's activity pattern recorded in the first recording means, the information concerning the location obtained by the first obtaining means, and the current time obtained by the second obtaining means.

[0011] The information concerning the activity pattern can be recorded as a table in the first recording means, and weighting factors are preferably specified in the table so as to correspond to locations and time frames. Based on one of the weighting factors which corresponds to the information concerning the location obtained by the first obtaining means and the current time obtained by the second obtaining means, the authentication-level determining means can determine the authentication level for the authentication process to be executed for the shopping user.

[0012] The information processing apparatus may further include updating means for updating the activity pattern recorded in the first recording means.

[0013] The information processing apparatus can further include third obtaining means for obtaining information concerning an item to be purchased or a service to be used by the shopping user and second recording means for recording a table. The table is used for determining a predetermined weighting factor so as to correspond to the information concerning the item or the service. The authentication-level determining means can further use the information concerning the item or the service obtained by the third obtaining means and the weighting factor that is determined according to the table recorded by the second recording means, to determine the authentication level.

[0014] The information concerning the item or the service can include the information of an amount of money to be spent by the shopping user.

[0015] The information concerning the item or the service can include category information of the item or the service.

[0016] The information processing apparatus can further include transmitting means for transmitting information concerning the authentication level determined by the authentication-level determining means to another information processing apparatus.

[0017] A first information processing method according to the present invention includes a recording control step of controlling the recording of information concerning an activity pattern of a registered user, a first obtaining control step of controlling the obtaining of information concerning a location at which a shopping user undergoes an authentication process, a second obtaining control step of controlling the obtaining of the current time, and an authentication-level determining step of determining an authentication level for the authentication process to be executed for the shopping user. The authentication level is determined based on the information concerning the registered user's activity pattern that is recorded under the control of the recording control step, the information concerning the location that is obtained under the control of the first obtaining control step, and the current time that is obtained under the control of the second obtaining control step.

[0018] A second information processing apparatus according to the present invention includes first transmitting means for transmitting, to an authentication center, predetermined information necessary for determining an authentication level for an authentication process to be executed for a shopping user; first receiving means for receiving authentication level information from the authentication center; and determining means for determining a combination of a plurality of authentication process methods for the authentication process, based on the authentication level information received by the first receiving means.

[0019] The information processing apparatus can further include recording means for recording a table. The table is for determining the authentication process to be executed so as to correspond to the authentication level. The determining means determines a combination of the plurality of authentication process methods for the authentication process such that the authentication level information received by the first receiving means corresponds to the table recorded by the recording means.

[0020] The predetermined information transmitted from the first transmitting means can include an identification for identifying a location at which the authentication process is to be executed.

[0021] The predetermined information transmitted from the first transmitting means can include the information of an amount of money to be spent by the shopping user.

[0022] The predetermined information transmitted from the first transmitting means can include category information of an item to be purchased or a service to be used by the shopping user.

[0023] A second information processing method according to the present invention includes a first transmitting step of transmitting, to an authentication center, predetermined information necessary for determining an authentication level for an authentication process to be executed for a shopping user; a step of receiving authentication level information from the authentication center; and a step of using a combination of a plurality of authentication process methods, based on the authentication level information received by the receiving step.

[0024] Third information processing apparatus and method according to the present invention use a plurality of authentication process methods. An authentication process is performed using a combination of the authentication processing methods which is determined based on either time or a location at which an authentication process is to be performed or based on both the time and the location.

[0025] Fourth information processing apparatus and method according to the present invention use a plurality of authentication process methods. An authentication process is performed using a combination of the authentication process methods which is determined based on an item to be purchased through the authentication process or an amount of money for the item or based on both the item and the amount of money.

[0026] According to the first information processing apparatus and method, information concerning the activity pattern of a registered user is recorded, information concerning a location at which a shopping user undergoes an authentication process, and the current time is obtained, and an authentication level for an authentication process to be executed for the shopping user is determined based on the information concerning the activity pattern of the registered user, the information concerning the location, and the current time. Thus, when a rightful user undergoes an authentication process in the range of his or her ordinary life, it is possible to prevent an authentication process from being executed at an authentication accuracy more than required and thus to prevent more time from being taken than required in an accounting process upon purchase of goods or services, based on the activity pattern of the registered user and on a location and time at which a shopping user undergoes an authentication process. Furthermore, it is possible to determine an authentication level for an authentication process that is secured enough to prevent impersonation by a third party.

[0027] According to the second information processing apparatus and method, a predetermined information necessary for determining an authentication level for an authentication process to be executed for a shopping user is transmitted and authentication level information is received, and a combination of a plurality of processes for the authentication process is determined based on the received authentication level information. Thus, it is possible to prevent an authentication process from being executed at an authentication accuracy more than required and thus to prevent more time from being taken than required in an accounting process upon purchase of goods or services, based on the obtained authentication level, when a rightful user undergoes an authentication process in the range of his or her ordinary life. Furthermore, it is possible to perform an authentication process that is secured enough to prevent impersonation by a third party.

BRIEF DESCRIPTION OF THE DRAWINGS

[0028]FIG. 1 is a diagram illustrating an authentication center, a store, and a network connection in an authentication processing system according to the present invention;

[0029]FIG. 2 is a block diagram illustrating the configuration of a server shown in FIG. 1;

[0030]FIG. 3 illustrates an exemplary store-information table;

[0031]FIG. 4 illustrates an exemplary personal-information table;

[0032]FIG. 5 illustrates an exemplary activity-area/time-frame weighting table;

[0033]FIG. 6 illustrates an exemplary activity area of a user;

[0034]FIG. 7 illustrates an exemplary item-category weighting table;

[0035]FIG. 8 illustrates an exemplary purchase-amount weighting table;

[0036]FIG. 9 illustrates an exemplary authentication-level determination table;

[0037]FIG. 10 illustrates an exemplary authentication-log table;

[0038]FIG. 11 is a block diagram illustrating a client shown in FIG. 1;

[0039]FIG. 12 is a flowchart illustrating processing at the client and server; and

[0040]FIGS. 13A to 13D illustrate how a combination of personal authentication devices are determined depending on authentication levels.

DESCRIPTION OF THE PREFERRED EMBODIMENTS

[0041] The embodiment of the present invention will be described below with reference to the accompanying drawings.

[0042] A description will now be made of an authentication processing system according to the present invention with reference to FIG. 1.

[0043] A server 11 at an authentication center 1 is connected to a client 31 at a store 3 over a predetermined network 2, such as the Internet or a dedicated line. When the network 2 is a network widely open to the public, such as the Internet, the server 11 at the authentication center 1 and the client 31 at the store 3 communicate information by using, for example, an encryption technology, to ensure that a malicious third party cannot take a peek at the information.

[0044] When a user (hereinafter may be referred to as a “shopping user”) at the store 3 purchases an item or a service using, for example, a credit card, a cash card, or an IC card in which electronic money is input, the client 31 communicates predetermined information with the server 11 to authenticate whether the shopping user at the store 3 is an authentic user who has been registered. A description will now be made of an authentication process when a credit card is used at the store 3.

[0045] In FIG. 1, although only one store 3 is illustrated, needless to say, a plurality of stores 3 may be provided, each store 3 being connected by a respective client 31 to the server 11 of the authentication center 1 over the network 2. Since the configurations of the clients 31 to input devices 36 which are provided at respective stores are essentially the same as those at the store 3 shown in FIG. 1, the illustrations and the descriptions thereof will be omitted.

[0046] At the authentication center 1, a storage section 12, which includes a plurality of storage devices, is externally connected to the server 11. The storage section 12 includes various databases, such as a store-information database 21 in which information concerning the store 3 is recorded, a personal-information database 22 in which an ID (identification) for a registered user and personal information used for an authentication process are recorded, and an authentication-information database 23 for storing a reference table for determining an authentication level and a history of an authentication process result. Examples of personal information recorded in the personal-information database 22 include a password; image information for verifying a signature or features extracted from the signature; image information for verifying a fingerprint, a palmprint, an iris, or a face, or features extracted from the image information; voice data for verifying a voiceprint or features extracted from the voice data; and other biometric information of the user.

[0047] The client 31 at the store 3 is connected to an accounting device 32 and a personal authentication device 35.

[0048] The accounting device 32 is a so-called register or the like, which executes various calculations, such as determination of a total amount, and addition of tax, a service charge, and the like, in response to input of prices of an item and/or a service purchased by a user. The accounting device 32 causes a display 33 to display the calculation result, and allows a printer 34 to print it on predetermined paper and to output the printed paper as a receipt. In addition, when the client 31 is not provided with a display unit or is not connected to a display device, the accounting device 32 receives a signal representing an authentication process result from the client 31 and displays the result on the display 33.

[0049] The personal authentication device 35 includes at least one device for processing personal authentication, and each of the at least one device outputs information concerning personal authentication to the client 31. In this case, the personal authentication device 35 is constituted by four devices, i.e., personal authentication devices 41 to 44; however, the number and type of devices may vary depending on the individual stores 3.

[0050] The personal authentication device 35 executes a personal authentication process, for example, verification of a signature; input of a password; verification of biometric information, such as verification of a fingerprint, verification of a palmprint, comparison of features of a face, verification of a voiceprint, or verification of an iris; or a challenge response.

[0051] The challenge response is one of the user authentication schemes using a one-time password (OTP). Upon receiving a request for authentication from the user side, the authentication-side system transmits a random number, called a “challenge code”, to the shopping user. The shopping user uses the challenge code, a token, and a PIN (personal identification number) to generate a response code, and returns the response code to the system. When the response is valid, the system authenticates the shopping user. Since the challenge code is generated at random for each case, a response created therefor is also different for each case.

[0052] Thus, as the personal authentication devices 41 to 44, the personal authentication device 35 may include a device for receiving a user's password from an input device 36; and/or a device for receiving and processing, for example, an image of a user's fingerprint, palmprint, face, or pupil to determine the features, when a CCD (charge coupled device) camera is used as the input device 36. Further, the personal authentication device 35 may include a device for recording user's voice input from the input device 36 and for analyzing the voice print thereof; a device for performing a computation for the so-called “challenge response”; and/or a device having a button with which a clerk at the store 3 who has verified the signature of a user enters information representing the signature being verified. With this arrangement, the personal authentication device 35 generates data needed for the authentication process and outputs the data to the client 31.

[0053] A method other than the above-described method may be used for the personal authentication method. For example, authentication may be performed by asking a shopping user a question that is not so complicated but that can be known by only an authentic person, including personal information (a part of a telephone number or address) registered at the time of user registration, a birthplace, or a mother's maiden name, and by determining whether or not the user can correctly answer the question. In such a case, the personal authentication device 35 can include a device for receiving the answer input from the input device 36. In this case, the question and the answer therefor are recorded in the personal-information database 22 of the authentication center 1.

[0054]FIG. 2 is a block diagram showing the configuration of the server 11.

[0055] Signals representing various instructions entered by the administrator of the server 11 using an input unit 64 and signals transmitted from the client 31 via a network interface 70 are input to a CPU (central processing unit) 61 through an input/output interface 62 and an internal bus 63. In accordance with such input signals, the CPU 61 executes various processes. A ROM (read only memory) 65 essentially stores constant data out of programs and computational parameters used by the CPU 61. A RAM (random access memory) 66 stores a program used and executed by the CPU 61 and parameters that vary as appropriate in response to the execution. The CPU 61, the ROM 65, and the RAM 66 are interconnected through the internal bus 63.

[0056] The internal bus 63 is also connected with the input/output interface 62. The input unit 64 is implemented with, for example, a keyboard, touchpad, jog dial and/or mouse, and is manipulated when the administrator of the server 11 enters various instructions to the CPU 61. A display unit 67 may be implemented with a CRT (cathode ray tube) display or an LCD (liquid crystal display) to display various kinds of information in the form of text, an image, or the like.

[0057] A HDD (hard disk drive) 68 drives a hard disk, and causes a program or information, which is executed by the CPU 61, to be recorded onto or played back from the hard disk. A magnetic disk 81, an optical disk 82, a magnetic optical disk 83, and a semiconductor memory 84 may be attached to a drive 69 as required for data recording and reading.

[0058] The network interface 70 is also connected to the network 2 and transmits and receives information to and from the client 31 over the network 2. Further, the network interface 70 is also connected to the storage section 12.

[0059] The input unit 64, the HDD 68, the drive 69, and the network interface 70 are connected to the CPU 61 through the input/output interface 62 and the internal bus 63.

[0060] A store-information table that is registered in the store-information database 21 in the storage section 12 will now be described with reference to FIG. 3.

[0061] Client IDs, which are individually assigned to the clients 31 provided at the stores 3, and address information (or, area information) indicating the locations of the stores 3 are registered in the store-information table. For each store 3, information such as a main item category and contact information (e.g., a telephone number and/or an electronic-mail address) may be registered in the store-information table.

[0062] A personal-information table that is registered in the personal-information database 22 in the storage section 12 will now be described with reference to FIG. 4.

[0063] Registered information in the personal-information table includes a user ID that is uniquely assigned to a registered user (a credit card holder), a weighting-table ID, and contact information (e.g., an address, telephone number, and electronic-mail address) of the user. The weighting-table ID is used for referring to a weighting table that is used for determining an authentication level when each user purchases an item or receives a service at the store 3 in which the user is registered.

[0064] The weighting table is created and updated based on the activity or use history of each user. The weighting table may be constituted by an activity-area/time-frame weighting table (which will be described below with reference to FIG. 5) in which the activity area and main activity time of a registered user are reflected; an item-category weighting table (which will be described later with reference to FIG. 7) in which the category of an item or service that the user often purchases or uses is reflected; and an purchase-amount weighting table (which will be described later with reference to FIG. 8), in which a price range that the user often uses is reflected, that is used for preventing extensive damage due to impersonation in the case of a large payment.

[0065]FIG. 5 shows an activity-area/time-frame weighting table that is registered in-the personal-information database 22 in the storage section 12.

[0066] The activity-area/time-frame weighting table is a table to which weighting factors (points) are applied according to the likelihood of a location at which a registered user of interest is most likely to be in a certain time frame. In the activity-area/time-frame weighting table of FIG. 5, time frames are divided into weekday events and weekend (holiday) events so that those events match the activity pattern of the user. The weighting factors for the activity area and the individual time frames may be obtained based on the user's application at the time of registration, or may be obtained based on data resulting from actual detection. In the latter case, for example, for a predetermined period such as for one week, a GPS (global positioning system) or PHS (personal handyphone system) can be utilized to detect where a user of interest is in respective time frames.

[0067] The GPS is a system for determining the location (longitude/latitude) and/or the traveling direction of a receiver by receiving radio waves from three satellites whose radio waves are the easiest to receive out of radio waves that are transmitted from geodetic earth orbiting satellites launched by the U.S. Department of Defense. When the GPS is utilized to determine and register the activity area of a user, the user moves with a GPS antenna for a predetermined period, for example, for one or two weeks. The current location of the user is then detected at every predetermined time, such as every 10 or 30 minutes, and the resulting data is accumulated and analyzed. This makes it possible to determine the likelihood of where the user is most likely to be in a certain time frame. Thus, the data can be advantageously reflected in the activity-area/time-frame weighting table.

[0068] For example, a user is assumed to have a main personal-activity area shown in FIG. 6, which includes the user's home and its vicinity, town A in city X in which the home is located and a park, the parents' home of the user located in city Y and its vicinity, the user's company located in district W and its vicinity, town B in district Z located on the way to work, and traveling routes (e.g., routes 1 to 3 are railroads and avenues 1 to 4 are routes along which the user travels on foot or by bus) that connects those areas.

[0069] As shown in the activity-area/time-frame weighting table of FIG. 5, since this user is most likely to be on the route from home to the company in the time frame of commuting hours on weekdays, the weighting factors (points) for those corresponding areas are set to be low. Further, since the user is more likely to be shopping in the time frame on the way home rather than on the way to work, the points for the commuting routes and the towns on the way back home are set to be low. Also, in the time frame of business hours, since the user would most likely be at the company, corresponding points therefor are set to be low. However, since the user may occasionally be at home during that time frame, for example, when the user takes off from work due to poor physical condition, such a case is also taken into account to set the points. Meanwhile, in the time frame of business hours on weekdays, since the user would rarely be at a place other than the company and home, the points for such a case are set to be very high. Additionally, when the user is very unlikely to go out during the time frame of late-night hours or is least likely to be at the company or in an area toward the company during the daytime on a weekend, the points therefor are set to be very high.

[0070] In the activity-area/time-frame weighting table illustrated in FIG. 5, the weighting factors (points) are set with the numeric values of 1 to 10 according to locations (activity areas) and time frames for which an authentication process is to be performed. Naturally, the method for setting the points is not limited thereto. For example, the points may be set in more detail using numeric values 1 to 50 or the like, or may be set more roughly using 3-level numeric values.

[0071] In addition, while the user's activities are separately registered for the weekday events and weekend events in the activity-area/time-frame weighting table illustrated in FIG. 5, the classification of areas or time frames therein are not limited to what are illustrated in FIG. 5. For example, for a user who has a fixed day of the week on which the user does not work overtime or a set day of the week on which the user has a lesson after work, such a schedule may be considered to classify the areas or time frames in the activity-area/time-frame weighting table with every or a predetermined day of the week being differentiated.

[0072] A weighting factor (the number of points) associated with each area and time frame in the activity-area/time-frame weighting table is updated based on future records (i.e., the history of authentication processes) of the user's use of the credit card. For example, in a time frame and area for which the number of points is currently set high in the activity-area/time-frame weighting table, when a case in which a user is adequately authenticated using his or her credit card happens continuously more than a predetermined number of times, the weighting table is updated so that the number of points for the corresponding time frame and area becomes low.

[0073] In the above, while a case in which the weighting factors (points) are determined based on both locations (activity areas) and time frames have been described with reference to FIG. 5, such an approach is merely one example. Thus, the weighting factors (points) may be determined based on either locations (activity areas) or time frames.

[0074] An item-category weighting table that is registered in the personal-information database 22 in the storage section 12 will now be described with reference to FIG. 7.

[0075] Individual users purchase goods or services which suit their tastes, which vary to certain degrees in most cases. For example, a user may frequently purchase books, a user may prefer to collect miscellaneous goods, a user may not like eating out and thus often buy food products to cook his or her own meal, and a user may rarely listen to music and thus rarely buy CDs (compact disks).

[0076] Thus, such deviation of users' preferences can be utilized as information for determining whether or not a user is more likely to be an authentic user based on the category of an item or service to be purchased. Examples of item categories include general merchandise, clothing, food product, CD, dinning, cashing service, etc. Naturally, other categories, which are not listed in the item-category weighting table in FIG. 7, can also be prepared, including a book, medical service, use of a parking lot.

[0077] In cashing services, when a user uses, for example, an automated cash dispenser in some cases, the clerk or the like may not check the user's face. Such a case is more vulnerable to damage due to impersonation and can lead to a large amount of damage. Accordingly, with respect to cashing services, the weighting factors (points) may be set higher than those for other item categories regardless of the user's use frequency.

[0078] Points entered in the item-category weighting table may be designated by the user in advance at the time of registration, or may be set to the same value at the time of registration. Those points in the item-category weighting table are updated based on a future use history of the user.

[0079] A purchase-amount weighting table that is registered in the personal-information database 22 in the storage section 12 will now be described with reference to FIG. 8.

[0080] In the purchase-amount weighting table in FIG. 8, the weighting factors (points) are set higher as the amount of purchase is greater. This is because, in case that a malicious third party who impersonates the authentic user makes a large amount of purchase, the damage becomes correspondingly great.

[0081] With respect to the purchase-amount weighting table, the points may be set in the same manner as in the item category weighting table illustrated in FIG. 7. Thus, the points may be set based on the frequency of price ranges that a user uses, or may be set by reflecting, to some extent, the frequency of individual price ranges that the user uses while setting points for a large amount of purchase to be high.

[0082] The server 11 receives a request for determining an authentication level from the client 31. Based on information transmitted from the client 31, the server 11 extracts the activity-area/time-frame weighting table in which the activity pattern of a user to be authenticated is set and recorded, the item-category weighting table, and the purchase-amount weighting table, and then extracts points from the respective tables. The server 11 then, for example, multiplies those points, to determine an authentication level based on the multiplied value.

[0083]FIG. 9 shows an authentication-level determination table that is registered in the authentication-level information database 23.

[0084] In this case, five authentication levels are provided ranging from levels A to E. Points that are extracted respectively from the activity-area/time-frame weighting table, the item-category weighting table, and the purchase-amount weighting table are multiplied, and when the resulting value of the multiplication is 1 to 9, the authentication level is A. Likewise, when the value is 10 to 15, the authentication level is B; when the value is 16 to 25, the authentication level is C; when the value is 26 to 40, the authentication level is D; and when the value is 41 or greater, the authentication level is E. Authentication level E is a level that does not permit an authentication process.

[0085] Although the authentication level has been described as being determined based on a value obtained by multiplying points that are respectively extracted from the activity-area/time-frame weighting table, the item-category weighting table, and the purchase-amount weighting table, any calculation method other than multiplication may be used to determine the authentication level. In addition, a weighting table other than the above-described three tables may be prepared to extract points. Alternatively, the number of points that is obtained from only the activity-area/time-frame weighting table may be used to determine the authentication level.

[0086] In addition, various variations are possible to determine the authentication level. For example, the authentication level can be determined based on either a location (activity area) or a time frame, based on both of them, based on either the category of an item or its price, or based on both of them.

[0087] An authentication-log table is also recorded in the authentication-level information database 23. The authentication-log table is used for storing the result of an authentication process, which is executed according to an authentication level determined using the authentication-level determination table. As shown in FIG. 10, in the authentication-log table recorded in the authentication-level information database 23, data and time at which an authentication process is executed, a user ID, a client ID, an authentication level, and an authentication result are registered.

[0088]FIG. 11 is a block diagram showing the configuration of the client 31.

[0089] Signals representing various instructions entered by the clerk at the store 3 using an input device 103, signals transmitted from the server 11 via a network interface 108, and signals transmitted from the accounting device 32 or the personal authentication device 35 via an input/output interface 104 are input to a CPU 101. In accordance with such input signals, the CPU 101 executes various processes. A ROM 105 essentially stores, for example, a client ID, constant data out of programs and computational parameters used by the CPU 101. A RAM 106 stores a program used and executed by the CPU 101 and parameters that vary as appropriate in response to the execution. The CPU 101, the ROM 105, and the RAM 106 are interconnected through an internal bus 102.

[0090] The internal bus 102 is also connected to an input/output interface 104, an input unit 103, a drive 107, and a network interface 108. The input/output interface 104 is connected to the accounting device 32 and the personal authentication device 35, and transmits and receives information thereto and therefrom. The input unit 103 is implemented with, for example, a keyboard, touchpad, jog dial, and/or mouse, and is manipulated when the administrator of the client 31 enters various instructions into the CPU 101. A magnetic disk 111, an optical disk 112, a magnetic optical disk 113, or a semiconductor memory 114 may be attached to the drive 107 as required for data recording and reading.

[0091] The network interface 108 is also connected to the network 2 and transmits and receives information to and from the server 11 over the network 2.

[0092] Processes executed by the server 11 and the client 31 will now be described with reference to a flow chart in FIG. 12.

[0093] In step S1, the CPU 101 of the client 31 receives information, such as the use of a credit card, the category of an item or service to be purchased, an amount therefor, and the like, from the accounting device 32 via the input/output interface 104 and the internal bus 102.

[0094] In step S2, the CPU 101 of the client 31 reads its own client ID from the ROM 105, and transmits the client ID to the server 11 via the internal bus 102, and the network interface 108, and the network 2 in conjunction with information (extracted from information input from the accounting device 32 and that is needed for determination of an authentication level), such as an amount and the category of an item to be purchased and the card number of a credit card to be used (a user ID or information that allows for identification of a user ID).

[0095] In step S3, based on the client ID, which is transmitted from the client 31 via the network 2, the network interface 70, the input/output interface 62, and the internal bus 63, the CPU 61 of the server 11 refers to the store-information table recorded in the store-information database 21 to retrieve the area of the store 3 and also to obtain the current time.

[0096] In step 4, based on a weighting table ID that is recorded in the personal information table recorded in the personal-information database 22, the CPU 61 of the server 11 retrieves, from the personal-information database 22, an activity-area/time-frame weighed table, a purchase-amount weighting table, and an item-category weighting table for a registered user who is the rightful owner of a credit-card that the user at the store 3 intends to use,.

[0097] In step S5, the CPU 61 of the server 11 refers to individual weighting tables, which are retrieved from the personal-information database 22, and extracts points according to the weighting tables, using information, such as the area of the client 31, the current time, and a purchase amount and item category which are included in the information transmitted from the client 31.

[0098] In step S6, the CPU 61 of the server 11 executes a predetermined computation, such as multiplying the points extracted in step S5, and determines an authentication level for an authentication process to be executed by the client 31, by referring to the authentication-level determination table stored in the authentication-information database 23.

[0099] For example, when the number of points in the activity-area/time-frame weighting table is 3, the number of points in the item-category weighting table is 2, and the number of points in the purchase-amount weighting table is 2, the multiplied value thereof is 12. Thus, the authentication level therefor is determined to be level B according to the authentication-level determination table in FIG. 9.

[0100] In step 7, based on the result determined in step S6, the CPU 61 of the server determines whether or not the authentication level is E, i.e., whether or not the credit card that the user at the store 3 intends to use is suspended, or to be suspended, from use.

[0101] In step S7, when it is determined that the credit card is suspended, or to be suspended, from use, in step S8, the CPU 61 of the server 11 generates a signal for notifying the client 31 of the suspension of use and transmits the signal to the client 31 via the internal bus 63, the input/output interface 62, the network interface 70, and the network 2.

[0102] In step 9, the CPU 101 of the client 31 receives the signal for notifying the suspension of use via the network 2, the network interface 108, and the internal bus 102, and then outputs an error message to the display 33 via the internal bus 102, the input/output interface 104, and the accounting device 32, so that the clerk at the store 3 is notified that the credit card the user at the store 3 intends to use is suspended from use (i.e., the user is most likely to be a non-registered user), thereby ending the process.

[0103] In step S7, when it is determined that the credit card is not suspended from use, in step S10, the CPU 61 of the server 11 transmits the result of the level determined in step S6 to the client 31 via the internal bus 63, the input/output interface 62, the network interface 70, and the network 2.

[0104] In step S11, the CPU 61 of the server 11 refers to a corresponding user's level determination log, which is recorded in the authentication-log table in the authentication-information database 23, and executes a user verification process as required when a high authentication level continues for a predetermined number of times or more with respect to the corresponding user.

[0105] The term “user verification process” herein means a process of confirming directly with a corresponding registered user that a credit card in question is not fraudulently used by a third party, based on the contact information of the registered user recorded in the persona-authentication table illustrated in FIG. 4. Such confirmation can be made in such a manner that, the CPU 61 of the server 11 generates and transmits, to the registered user, electronic mail for checking the use status of his or her credit card or whether or not the credit card is lost, or an operator at the authentication center 1 checks with the registered user as to the use status of his or her credit card or as to whether the credit card is lost, by means of conventional mail or telephone without going through the network 2.

[0106] In step S12, the CPU 101 of the client 31 receives the authentication-level determination result from the server 11 via the network 2, the network interface 108, and the internal bus 102.

[0107] In step S13, the CPU 101 of the client 31 determines a combination in the personal authentication device 35, based on the authentication-level determination result received in step S12. A table as shown in FIG. 13 is recorded in the client 31. The table indicates how the personal authentication devices 41 to 44 in the personal authentication device 35 in the store 3 are combined for executing an authentication process for each authentication level. The CPU 101 refers to the table to determine a combination in the personal authentication device 35.

[0108] Individual stores 3 may have different personal authentication devices 35. Since price ranges of items handled or services offered vary depending on individual stores 3, it would be of no use to provide a high-cost personal authentication device 35 at a store 3 that handles inexpensive items. Thus, for example, one of the tables as shown in FIGS. 13A to 13D is recorded in each client 31 at the store 3, according to the personal authentication device 35 provided at each store 3.

[0109] For example, suppose one store 3 has, as the personal authentication device 35, a device for inputting a message that a signature has been verified (or, a scanner for capturing a signature as an image), a device for inputting a password, a device for obtaining fingerprint information, and a device for obtaining iris information. Thus, as shown in FIG. 13A, when the set authentication level is the lowest level A, the authentication process is executed with only a signature; at level B, the authentication process is performed with a signature and an input password; at level C, the authentication process is performed with a signature and a verified fingerprint; and at level D, the authentication process is performed with a signature, a password, a verified fingerprint, and a verified iris.

[0110] Likewise, at another store, as shown in FIG. 13B, when a set authentication level is the lowest level A, the authentication process is performed with only an input password; at level B, the authentication process is performed with an input password and a verified fingerprint; at level C, the authentication process is performed with an input password and a verified voiceprint; and at level D, the authentication process is performed with an input password, a verified fingerprint, and a verified voiceprint. At another store, as shown in FIG. 13C, at level A, the authentication process is performed with a signature and an input password; at level B, the authentication process is performed with a signature and a verified fingerprint; at level C, the authentication process is performed with a signature, a verified fingerprint, and a verified palmprint; and at level D, the authentication process is performed with a signature, a verified fingerprint, identified face information (based on feature information of a captured image of a face), and a verified voiceprint. At yet another store, as shown in FIG. 13D, at level A, the authentication process is performed with a signature; at level B, the authentication process performed with a challenge response and a signature; at level C, the authentication process is performed with a challenge response and a verified fingerprint; and at level D, the authentication process is performed with a challenge response, a verified fingerprint, and a verified palmprint.

[0111] In this case, verification with a signature may be performed in such a manner that, for example, a clerk at the store 3 verifies the signature of a user and operates a button or the like for the completion of verification on the personal authentication device 35. Alternatively, image information of the user's signature may be captured into the personal authentication device 35 or features of the user's signature may be captured as information so that such information is transmitted to the server 11 via the client 31 and the network 2.

[0112] In the above, the description has been given for a case in which a plurality of authentication methods is combined depending on each authentication level. However, at a store 3 having the same number of personal authentication devices, each having a different authentication accuracy, as the number of authentications levels, a personal authentication device may be selected such that only one personal authentication device that is suitable for each authentication level is used to perform an authentication process. When an employed method for authentication involves asking personal information (e.g., an address or part of a telephone number) registered at the time of user registration or questions that are not so complicated information, such as a birthplace and/or mother's maiden name, but that can only be answered by an authentic person, the number of questions may be changed depending on an authentication level. Additionally, only one authentication process device may be used to allow for a plurality of authentication processes, and the type or number of authentication processes to be executed may be changed according to an authentication level.

[0113] In step S14, the CPU 101 of the client 31 generates a message for causing the user at the store 3 to undergo a personal authentication process using the personal authentication device 35 that includes a combination determined in step S13, and outputs the message to the display 33 via the accounting device 32 to prompt the user to input, via the input device 36, information necessary for executing personal authentication of the user. The input user's personal authentication information is subjected to necessary processes (e.g., an image process and a feature extracting process) by the personal authentication device 35 and is then supplied to the client 31.

[0114] In step S15, the CPU 101 of the client 31 transmits the user's personal authentication information, which is input from the personal authentication device 35 in step S14, to the server 11 via the internal bus 102, the network interface 108, and the network 2.

[0115] In step S16, the CPU 61 of the server 11 receives the user's personal authentication information from the client 31 and executes an authentication process based on the registered user's personal information recorded in the personal-information database 22. In step S17, the CPU 61 transmits the result of the authentication process executed in step S16 to the client 31 via the internal bus 63, the input/output interface 62, the network interface 70, and the network 2.

[0116] In step S18, based on the user's information, which is transmitted from the client 31 in step S2, such as a client ID, a purchase amount to be spent by the user, and an item category, the CPU 61 of the server 11 updates the activity-area/time-frame weighting table, purchase-amount weighting table, and item-category weighting table, which are stored in the personal-information database 22.

[0117] In step S19, the CPU 101 of the client 31 receives the personal authentication process result from the server 11 via the network 2, the network interface 108, and the internal bus 102. In step S20, based on the received personal authentication process result, the CPU 101 determines whether or not the personal authentication is properly executed.

[0118] In step S20, when it is determined that the personal authentication is not properly executed, in step S21, the CPU 101 of the client 31 generates an error message indicating the failure of the authentication process and outputs the error message to the display 33 via the accounting device 32, so that the clerk at the store 3 is notified of, for example, the credit card being suspended from use, thereby ending the process.

[0119] In step S20, when it is determined that the personal authentication is properly executed, in step S22, the CPU 101 of the client 31 generates a message for execution of the accounting process and outputs the message to the display 33 via the accounting device 32, so that the clerk at the store 3 is notified that the authentication process for use of the credit card has been properly executed, thereby ending the process.

[0120] In the processes described above, the likelihood of whether or not a user at the store 3 is an authentic user who has been registered is determined based on the ordinary activity pattern of the registered user. With this arrangement, when a rightful user undergoes an authentication process in the range of his or her ordinary life, it is possible to prevent an authentication process from being executed at an authentication accuracy more than required and thus to prevent more time from being taken than required, for an accounting process upon purchase of goods or services.

[0121] In addition, since the personal activity pattern utilized for determination of an authentication level is sequentially updated according to the use status of a credit card, the present invention can be applied to not only a case in which the activity pattern of a user varies, but can also increase the possibility of preventing damage beforehand even when a third party has already acquired some personal information of the user, since an individual activity pattern that can vary sequentially is difficult for a third party to imitate. Specifically, when an unauthorized person impersonates a registered user to undergo an authentication process, the authentication level becomes high or the possibility that the authentication process itself is disabled becomes high.

[0122] Furthermore, a determination is made as to whether high authentication levels continue. When it is determined so, since such an activity is apparently unnatural, the use status of the credit card and the like is confirmed with the registered use by some kind of method. Thus, when the impersonating third party fraudulently uses the credit card, it is possible to prevent extensive damage.

[0123] While the description in the above has been given for a case in which a credit card is used at the time of purchase of goods or services, the present invention can also be used for other applications. Examples include issuance of various certificates at a government or municipal office or the like and a personal authentication process executed for a room access control, as well as the use of a cash card or an IC card.

[0124] In the illustrated embodiment, the personal information of a registered user is recorded in the storage section 12 in the authentication center 1, and the server 11 determines an authentication level therefor and performs an authentication process based on personal authentication information obtained by the client 31. However, the authentication center 1 may determine only an authentication level, and the client 31 may hold personal information, obtain personal authentication information, and perform an authentication process. Alternatively, only one device may determine an authentication level, obtain personal authentication information, hold personal information, and perform an authentication process without transmitting and receiving information over the network 2. Additionally, for example, an IC card, such as a PKI (public key infrastructure) card, supporting a PKI may be used for the authentication process.

[0125] The series of processes described above can also be implemented with software. In such a case, a computer that is implemented with dedicated hardware into which a program that realizes such software is incorporated may be used, or alternatively, such software is installed on a general-purpose personal computer, which can execute various functions by installing various programs, from a recording medium.

[0126] As shown in FIGS. 2 and 11, the recording medium is implemented with a packaged medium, on which a program is recorded and which is distributed to a user separately from a compute. Examples of packaged media include the magnetic disks 81 and 111 (including a flexible disk), the optical disks 82 and 112 [including a CD-ROM (Compact Disk-Read Only Memory) and a DVD (Digital Versatile Disk)], the magnetic optical disks 83 and 113 [including an MD (Mini-Disk) (copyright)], and the semiconductor memories 84 and 114.

[0127] Herein, steps for writing a program onto a recording medium may or may not be performed according to time series as described above, and may also be performed in parallel or independently.

[0128] Herein, the term “system” represents the entirety of the plurality of devices. 

What is claimed is:
 1. An information processing apparatus comprising: first recording means for recording information concerning an activity pattern of a registered user; first obtaining means for obtaining information concerning a location at which a shopping user undergoes an authentication process; second obtaining means for obtaining the current time; and authentication-level determining means for determining an authentication level for the authentication process to be executed for the shopping user, based on the information concerning the registered user's activity pattern recorded in the first recording means, the information concerning the location obtained by the first obtaining means, and the current time obtained by the second obtaining means.
 2. An information processing apparatus according to claim 1, wherein the information concerning the activity pattern is recorded as a table in the first recording means, weighting factors being specified in the table so as to correspond to locations and time frames; and based on one of the weighting factors which corresponds to the information concerning the location obtained by the first obtaining means and the current time obtained by the second obtaining means, the authentication-level determining means determines the authentication level for the authentication process to be executed for the shopping user.
 3. An information processing apparatus according to claim 1, wherein activity patterns that vary depending on the day of the week are registered in the information concerning the activity pattern recorded in the first recording means.
 4. An information processing apparatus according to claim 1, further comprising updating means for updating the activity pattern recorded in the first recording means.
 5. An information processing apparatus according to claim 1, further comprising: third obtaining means for obtaining information concerning an item to be purchased or a service to be used by the shopping user and second recording means for recording a table, the table being used for determining a predetermined weighting factor so as to correspond to the information concerning the item or the service, wherein the authentication-level determining means further uses the information concerning the item or the service obtained by the third obtaining means and the weighting factor that is determined according to the table recorded by the second recording means, to determine the authentication level.
 6. An information processing apparatus according to claim 5, further comprising updating means for updating the table recorded in the second recording means.
 7. An information processing apparatus according to claim 5, wherein the information concerning the item or the service includes the information of an amount of money to be spent by the shopping user.
 8. An information processing apparatus according to claim 5, wherein the information concerning the item or the service includes category information of the item or the service.
 9. An information processing apparatus according to claim 1, further comprising transmitting means for transmitting information concerning the authentication level determined by the authentication-level determining means to another information processing apparatus.
 10. An information processing method comprising: a recording control step of controlling the recording of information concerning an activity pattern of a registered user; a first obtaining control step of controlling the obtaining of information concerning a location at which a shopping user undergoes an authentication process; a second obtaining control step of controlling the obtaining of the current time; and an authentication-level determining step of determining an authentication level for the authentication process to be executed for the shopping user, based on the information concerning the registered user's activity pattern that is recorded under the control of the recording control step, the information concerning the location that is obtained under the control of the first obtaining control step, and the current time that is obtained under the control of the second obtaining control step.
 11. An information processing apparatus that uses a plurality of authentication process methods, the information processing apparatus comprising: first transmitting means for transmitting, to an authentication center, predetermined information necessary for determining an authentication level for an authentication process to be executed for a shopping user; first receiving means for receiving authentication level information from the authentication center; and determining means for determining a combination of the plurality of authentication process methods, based on the authentication level information received by the first receiving means.
 12. An information processing apparatus according to claim 11, further comprising recording means for recording a table, the table being used for determining the authentication process to be executed so as to correspond to the authentication level, wherein the determining means determines a combination of the plurality of authentication process methods for the authentication process such that the authentication level information received by the first receiving means corresponds to the table recorded by the recording means.
 13. An information processing apparatus according to claim 11, wherein the predetermined information transmitted from the first transmitting means includes an identification for identifying a location at which the authentication process is to be executed.
 14. An information processing apparatus according to claim 11, wherein the predetermined information transmitted from the first transmitting means includes the information of an amount of money to be spent by the shopping user.
 15. An information processing apparatus according to claim 11, wherein the predetermined information transmitted from the first transmitting means includes category information of an item to be purchased or a service to be used by the shopping user.
 16. An information processing method for an information processing apparatus that uses a plurality of authentication process methods, the information processing method comprising: a first transmitting step of transmitting, to an authentication center, predetermined information necessary for determining an authentication level for an authentication process to be executed for a shopping user; a step of receiving authentication level information from the authentication center; and a step of using a combination of the plurality of authentication process methods, based on the authentication level information received by the receiving step.
 17. An information processing apparatus that uses a plurality of authentication process methods, wherein the information processing apparatus performs an authentication process using a combination of the authentication processing methods which is determined based on either time or a location at which an authentication process is to be performed or based on both the time and the location.
 18. An authentication method for an information processing apparatus that uses a plurality of authentication process methods, the authentication method comprising a step of performing an authentication process by using a combination of the authentication process methods which is determined based on either time or a location at which an authentication process is to be performed or based on both the time and the location.
 19. An information processing apparatus that uses a plurality of authentication process methods, the information processing apparatus performs an authentication process using a combination of the authentication process methods which is determined based on an item to be purchased through the authentication process or an amount of money for the item or based on both the item and the amount of money.
 20. An authentication method for an information processing apparatus that uses a plurality of authentication process methods, the authentication method comprising a step of performing an authentication process using a combination of the authentication process methods which is determined based on an item to be purchased through the authentication process or an amount of money for the item or based on both the item and the amount of money. 